alienvault库的报警、事件表结构
作为OSSIM数据库开发者,需要了解以下alienvault库的报警、事件表结构。注意 databases 表的 user/pass 字段以及 event 表的 username/password 字段从名称上看存放的是凭据信息,对这些表的访问权限应相应限制。
1.alarm
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| backlog_id | binary(16) | No | |
| event_id | binary(16) | No | |
| corr_engine_ctx | binary(16) | No | |
| timestamp | timestamp | Yes | |
| status | enum('open','closed') | Yes | 'open' |
| plugin_id | int(11) | No | |
| plugin_sid | int(11) | No | |
| protocol | int(11) | Yes | |
| src_ip | varbinary(16) | Yes | |
| dst_ip | varbinary(16) | Yes | |
| src_port | int(11) | Yes | |
| dst_port | int(11) | Yes | |
| risk | int(11) | Yes | |
| efr | int(11) | No | 0 |
| similar | varchar(40) | No | '0000000000000000000000000000000000000000' |
| stats | mediumtext | No | |
| removable | tinyint(1) | No | 0 |
| in_file | tinyint(1) | No | 0 |
2.alarm_groups
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| group_id | varchar(255) | No | |
| description | text | No | |
| status | enum('open','closed') | No | |
| timestamp | timestamp | No | CURRENT_TIMESTAMP |
| owner | varchar(64) | No | |
3.alarm_hosts
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_host | binary(16) | No | |
4.alarm_kingdoms
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| name | varchar(128) | No | |
5.alarm_nets
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_net | binary(16) | No | |
6.alarm_tags
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id_alarm | binary(16) | No | |
| id_tag | int(11) | No | |
alarm_taxonomy
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| sid | int(11) | No | |
| engine_id | binary(16) | No | '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' |
| kingdom | int(11) | No | |
| category | int(11) | No | |
| subcategory | text | No | |
7.databases
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(10) UNSIGNED | No | |
| ctx | binary(16) | No | |
| name | varchar(64) | No | |
| ip | varbinary(16) | No | |
| port | int(11) | No | 3306 |
| user | varchar(64) | No | |
| pass | varchar(64) | No | |
| icon | mediumblob | No | |
8.device_types
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| name | varchar(64) | No | |
| class | int(11) | No | |
9.event
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | binary(16) | No | |
| agent_ctx | binary(16) | No | |
| timestamp | timestamp | No | CURRENT_TIMESTAMP |
| tzone | float | No | 0 |
| sensor_id | binary(16) | Yes | |
| interface | varchar(32) | No | |
| type | int(11) | No | |
| plugin_id | int(11) | No | |
| plugin_sid | int(11) | No | |
| protocol | int(11) | Yes | |
| src_ip | varbinary(16) | Yes | |
| dst_ip | varbinary(16) | Yes | |
| src_port | int(11) | Yes | |
| dst_port | int(11) | Yes | |
| event_condition | int(11) | Yes | |
| value | text | Yes | |
| time_interval | int(11) | Yes | |
| absolute | tinyint(4) | Yes | |
| priority | int(11) | Yes | 1 |
| reliability | int(11) | Yes | 1 |
| asset_src | int(11) | Yes | 1 |
| asset_dst | int(11) | Yes | 1 |
| risk_a | int(11) | Yes | 0 |
| risk_c | int(11) | Yes | 0 |
| alarm | tinyint(4) | Yes | 0 |
| filename | varchar(256) | Yes | |
| username | varchar(64) | Yes | |
| password | varchar(64) | Yes | |
| userdata1 | varchar(1024) | Yes | |
| userdata2 | varchar(1024) | Yes | |
| userdata3 | varchar(1024) | Yes | |
| userdata4 | varchar(1024) | Yes | |
| userdata5 | varchar(1024) | Yes | |
| userdata6 | varchar(1024) | Yes | |
| userdata7 | varchar(1024) | Yes | |
| userdata8 | varchar(1024) | Yes | |
| userdata9 | varchar(1024) | Yes | |
| rulename | text | Yes | |
| rep_prio_src | int(10) UNSIGNED | Yes | |
| rep_prio_dst | int(10) UNSIGNED | Yes | |
| rep_rel_src | int(10) UNSIGNED | Yes | |
| rep_rel_dst | int(10) UNSIGNED | Yes | |
| rep_act_src | varchar(64) | Yes | |
| rep_act_dst | varchar(64) | Yes | |
| src_hostname | varchar(64) | Yes | |
| dst_hostname | varchar(64) | Yes | |
| src_mac | binary(6) | Yes | |
| dst_mac | binary(6) | Yes | |
| src_host | binary(16) | Yes | |
| dst_host | binary(16) | Yes | |
| src_net | binary(16) | Yes | |
| dst_net | binary(16) | Yes | |
| refs | int(11) | Yes | |
10.extra_data
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| event_id | binary(16) | No | |
| data_payload | text | Yes | |
| binary_data | blob | Yes | |
11.host
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | binary(16) | No | |
| ctx | binary(16) | No | |
| hostname | varchar(128) | No | |
| fqdns | varchar(255) | No | |
| asset | smallint(6) | No | |
| threshold_c | int(11) | No | |
| threshold_a | int(11) | No | |
| alert | int(11) | No | |
| persistence | int(11) | No | |
| nat | varchar(15) | Yes | |
| rrd_profile | varchar(64) | Yes | |
| descr | varchar(255) | Yes | |
| lat | varchar(255) | Yes | '0' |
| lon | varchar(255) | Yes | '0' |
| icon | mediumblob | Yes | |
| country | varchar(64) | Yes | |
| external_host | tinyint(1) | No | 0 |
| permissions | binary(8) | No | '\0\0\0\0\0\0\0\0' |
| av_component | tinyint(1) | No | 0 |
| created | datetime | Yes | |
| updated | datetime | Yes | |
12.incident
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| uuid | binary(16) | No | |
| ctx | binary(16) | No | |
| title | varchar(512) | No | |
| date | datetime | No | 0000-00-00 00:00:00 |
| ref | enum('Alarm','Alert','Event','Metric','Anomaly','Vulnerability','Custom') | No | 'Alarm' |
| type_id | varchar(64) | No | '0' |
| priority | int(11) | No | |
| status | enum('Open','Assigned','Studying','Waiting','Testing','Closed') | No | 'Open' |
| last_update | datetime | No | 0000-00-00 00:00:00 |
| in_charge | varchar(64) | No | |
| submitter | varchar(64) | No | |
| event_start | datetime | No | 0000-00-00 00:00:00 |
| event_end | datetime | No | 0000-00-00 00:00:00 |
13.incident_alarm
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| incident_id | int(11) | No | |
| src_ips | varchar(255) | No | |
| src_ports | varchar(255) | No | |
| dst_ips | varchar(255) | No | |
| dst_ports | varchar(255) | No | |
| backlog_id | binary(16) | No | |
| event_id | binary(16) | No | |
| alarm_group_id | binary(16) | Yes | |
14.incident_anomaly
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| id | int(11) | No | |
| incident_id | int(11) | No | |
| anom_type | enum('mac','service','os') | No | 'mac' |
| ip | varchar(255) | No | |
| data_orig | varchar(255) | No | |
| data_new | varchar(255) | No | |
15.plugin_sid
| Field | Type | Allow Null | Default Value |
|---|---|---|---|
| plugin_ctx | binary(16) | No | |
| plugin_id | int(11) | No | |
| sid | int(11) | No | |
| class_id | int(11) | Yes | |
| reliability | int(11) | Yes | 1 |
| priority | int(11) | Yes | 1 |
| name | varchar(512) | No | |
| aro | decimal(11,4) | No | 0.0000 |
| subcategory_id | int(11) | Yes | |
| category_id | int(11) | Yes | |
通常我们有一个线上OSSIM系统和一个开发系统,现在要把开发系统的改动更新到线上,但开发系统的数据库结构与线上的略有差异,所以需要先找出两个数据库的表结构差异。这可以用mysqldump和diff两个命令组合完成:在两个系统上分别导出表结构(只导结构、不导数据),再对两个导出文件做diff。
导出表结构
# Schema-only dump of the alienvault database from the first system (the
# production side per the text above); -d (--no-data) skips table rows, and
# -p with no value prompts for the password rather than placing it on the
# command line where it would be visible in the process list.
mysqldump -uroot -p -d alienvault >/home/db1.sql
# Same dump taken on the second system (the development side), written to a
# separate file so the two schemas can be compared.
mysqldump -uroot -p -d alienvault >/home/db2.sql
比较
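# Compare the two schema dumps. The dumps above were written to /home/, so the
# absolute paths are used here instead of relying on the current directory
# being /home. Output goes to a file named "diff" in the current directory.
diff /home/db1.sql /home/db2.sql >diff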